Skip to main content

À la carte phone hacking is scary, but it’s better than a government backdoor

Another day, another hack by the Israeli firm that’s become a go-to for exposing what’s happening in various high-profile targets’ phones. If you haven’t heard of Cellebrite yet, it’s because you’re not Jeff Bezos, Lev Parnas, or a criminal whose phone the FBI would very much like to access.

The company has hacked several phones on behalf of the U.S. government, and in the Bezos case, was actually used by experts at the United Nations to analyze how, exactly, the Amazon founder’s phone was hacked.

Cellebrite is not the only name in the game: There’s also the much shadier NSO Group, which experts suspect has been hired by authoritarian regimes to spy on journalists and dissidents. GrayKey, Paraben, Blackbag, and MSAB have also all sold their phone-hacking tech to at least two dozen law enforcement agencies around the U.S., according to a report by OneZero.

That report revealed in stark detail just how widespread the use of this type of phone hacking tech has become across the country: It is truly possible for most law enforcement agencies to access the phone of just about anyone, if they so wish.

Yet the U.S. government, from President Donald Trump to the FBI, continues to demand that Apple and other tech companies provide authorities with an encryption backdoor — an idea that privacy advocates all agree is an extremely bad one.

Image used with permission by copyright holder

“I would rather see this than mandatory backdoors,” said Ron Gula, in reference to having companies like Cellebrite in operation. Gula is a former National Security Agency white-hat hacker who now invests in up-and-coming cybersecurity companies in the D.C. area. “Of course, I would rather there be no vulnerabilities at all. But this is a world were law enforcement relies on vulnerabilities to do intelligence gathering, and I want them to focus on that, and not mandatory backdoors. Otherwise, we’re China.”

Rosa Smothers, a former CIA analyst who is now the senior vice president of cyber operations at KnowBe4, a provider of digital security awareness training, said she “1,000% agrees” with Gula’s assessment. “The government has to weigh the benefit of that kind of exploitation and whether it’s worth that kind of security damage,” she told Digital Trends.

“We should all be very concerned about people getting into digital devices,” said David Harding, senior vice president and chief technical officer at ImageWare, a biometric digital security company that works in both the private sector and with the government. “And we should all be very concerned about a government that has everybody’s information readily accessible.”

Why Cellebrite matters

Cellebrite is truly the 800-pound gorilla in the industry, according to Smothers, which is why its name keep popping up in so many cases. “They’re the most user-friendly,” she told Digital Trends, which is useful for police precincts that might not have the time or resources to train up their offices on very technical software. (Cellebrite told Digital Trends that it “cannot comment on specific cases.”)

cellebrite machine
An engineer shows devices developed by the Israeli firm Cellebrite that can hack a locked smartphone and pull the data from it. Jack Guez / AFP via Getty Images

Companies like Cellebrite rely on finding existing vulnerabilities in operating systems and software to provide access opportunities into phones (and they keep those a secret, so companies like Apple don’t get wise and patch them). As those vulnerabilities are updated, these companies must also update their methods. An encryption backdoor would eliminate the need for these kinds of constant updates, and would make it easier to actually read any images that police had taken off of a phone. “They are only as successful as the availability of these vulnerabilities,” Harding said.

The legality of all of this is still extremely fuzzy, said Harding. Every state has its own regulations, and they’re changing all the time: some states will allow police to take someone’s biometric data but not a password, for example. “It’s a bit patchwork in this country,” Harding said.

For now, an average person on the street should probably assume that their phone can and has been accessed by some random tech firm. “We’re all only a few degrees away from someone interesting,” Gula said. “Everyone’s got something to steal.”

These companies all advertise strictly to law enforcement — for now. Smothers said it should stay that way. “Yes, we want to be able to seize the phones of terrorists from Afghanistan or Syria, and see what they’re planning,” she said. “But the reality on the ground is, if the government starts introducing purposeful backdoors, every intelligence agency in the world will be full-court press to get into those phones. You’ll be ringing the dinner bell.”

“It’s really unfortunate that there might be terror cells in the U.S.,” said Gula. “But the threat of someone with a gun who might be part of a terrorist group doesn’t rise to the occasion of needing to put a backdoor on everyone’s phones.”

Editors' Recommendations

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
Asus’ new RTX 4090 shattered GPU overclocking records, and you’ll be able to buy it soon
Asus ROG Matrix RTX 4090 graphics card.

If you thought that the RTX 4090 was already the best we'll see in this generation, Asus is here to prove you wrong. Nearly a year after the initial launch of Nvidia's top graphics card, Asus is about to release the ROG Matrix GeForce RTX 4090 -- a one-of-a-kind GPU that already has a new world record under its belt.

ROG Matrix GeForce RTX 4090 Graphics Card

Read more
Watch this incredible slow-motion footage of a rocket engine test
A screenshot from the Slo Mo Guys' footage of a rocket engine test.

Close-up Ignition of a Rocket Engine in Slow Mo - The Slow Mo Guys

The Slow Mo guys -- aka Gavin Free and Daniel Gruchy -- are back with another video that’s as fascinating as it is entertaining, this one showing a rocket engine test in astonishing, slowed down, detail.

Read more
The latest Windows Update is reportedly causing Starfield problems
A man walking into a dusty town on another planet in starfield.

If you've installed the latest Windows 11 update and you've been experiencing all sorts of issues ever since, you're not alone And if you're still yet to install it, it's probably best hold off on it for now. Many users have been reporting problems following the recent update, including crashes, slowdowns, and blue screens of death (BSOD). Gamers appear to be affected most of all, with some reporting stuttering in Starfield and Ratchet and Clank: Rift Apart. 

Following the latest update released on Patch Tuesday, various reports of problems started pouring in across social media and Microsoft's Feedback Hub. Microsoft itself hasn't spoken up about this yet, but considering the number of reported issues, we could soon hear an official comment on the situation. If you've already installed the update and aren't experiencing problems, you have nothing to worry about. If you have installed and are encountering issues, it's best to revert to the previous version and reach out through the Feedback Hub.

Read more